PT-2024-34466 · Unknown · Simplcommerce

Abdullah Almutawa · Published 2024-12-20 · Updated 2025-01-05 · CVE-2024-50945

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: SimplCommerce version 230310c8d7a0408569b292c5a805c459d47a1d8f
Description: An improper access control issue exists in the review system: users can submit reviews without the application verifying that they have purchased the product. As a result, unauthorized users can post reviews for products they have not purchased.
Recommendations: As a temporary workaround, consider disabling the review submission feature until a patch is available. Restrict access to the review system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
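
The missing check described above, sketched as an added example (not SimplCommerce code and not part of the original advisory): a server-side purchase gate for review submission, plus an audit pass that lists already-stored reviews with no matching purchase. The `Order` and `Review` models, the status names and the sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Order states treated as a real purchase (assumption; adjust to shop policy).
PURCHASED_STATES = {"shipped", "completed"}

@dataclass(frozen=True)
class Order:                      # hypothetical model
    customer_id: int
    status: str
    product_ids: frozenset

@dataclass(frozen=True)
class Review:                     # hypothetical model
    review_id: int
    user_id: Optional[int]        # None = anonymous submission
    product_id: int

def has_purchased(orders, user_id, product_id):
    """True if the user owns an order in a purchased state containing the product."""
    return any(
        o.customer_id == user_id
        and o.status in PURCHASED_STATES
        and product_id in o.product_ids
        for o in orders
    )

def can_submit_review(orders, user_id, product_id):
    """Gate to run on the server before a review is stored."""
    if user_id is None:           # unauthenticated callers are rejected
        return False
    return has_purchased(orders, user_id, product_id)

def find_unverified_reviews(orders, reviews):
    """Audit: IDs of stored reviews that have no matching purchase."""
    return [r.review_id for r in reviews
            if not can_submit_review(orders, r.user_id, r.product_id)]

# Constructed sample data.
ORDERS = [
    Order(1, "completed", frozenset({100, 101})),
    Order(2, "cancelled", frozenset({100})),
    Order(3, "shipped", frozenset({102})),
]
REVIEWS = [
    Review(10, 1, 100),           # buyer of product 100
    Review(11, 2, 100),           # order was cancelled
    Review(12, 3, 100),           # bought a different product
    Review(13, None, 101),        # anonymous
]

if __name__ == "__main__":
    print(find_unverified_reviews(ORDERS, REVIEWS))
```

The audit function is useful for cleanup because the CVSS vector rates the impact as integrity-only (I:H): reviews accepted before the gate was in place remain in the data until they are identified.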

Exploit

Incorrect Authorization

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-50945

Affected Products

Simplcommerce